<?php

// Include config file
include_once('./common.php');

// Connect to database
$link = dbConnect();
$output = "";

//see what action we need to do
if(isset($_POST['action'])){
	switch($_POST['action']){
		case "loadNetworks":
			load();
		break;
		
		case "registerUser":
			register();
		break;
		
		case "verifyUser":
			verify();
		break;
	}
}else{
	mysql_close($link);
	die('Nothing set');
}

echo $output;

//if everything is ok, close the link to mysql
if(strchr($output, "okay")){
	mysql_close($link);
}

function load(){
	global $output, $link;
	
	//this will load any social network fields we may have
	$result = mysql_query("SELECT networkID, languageKey FROM ".TABLE_PREFIX."_social_networks WHERE isEnabled = 1");
	
	if(!$result){
		echo "output=mysqlError&mysqlError=".mysql_error();
		mysql_close($link);
		return;
	}
	
	//query was ok, let flash know
	$output .= "output=okay";
	
	$totalNetworks = mysql_num_rows($result);
	$output .= "&totalNetworks=".$totalNetworks;
	
	for($i = 0; $i < $totalNetworks; $i++){
		$data = mysql_fetch_object($result);
		$output .= "&networkID".$i."=".$data->networkID;
		$output .= "&networkLanguage".$i."=".stripslashes($data->languageKey);
		$output .= "&networkValue".$i."=";
	}
}


function register(){
	global $output, $link;
	
	$email = mysql_real_escape_string($_POST['email']);
	$username = mysql_real_escape_string($_POST['username']);
	
	// If email is invalid...
	if (!checkEmail($email)) {
		echo "output=emailFail";
		return;
	}
	
	//check to see if the username and e-mail are ok
	$result = mysql_query("SELECT email FROM ".TABLE_PREFIX."_users WHERE email = '".$email."'");
	if(mysql_num_rows($result) > 0){
		echo "output=emailInUse";
		mysql_close($link);
		return;
	}
	
	$result = mysql_query("SELECT username FROM ".TABLE_PREFIX."_users WHERE username = '".$username."'");
	if(mysql_num_rows($result) > 0){
		echo "output=usernameInUse";
		mysql_close($link);
		return;
	}
	//check for an avatar
	$avatar = "";
	if(isset($_POST['avatar'])){
		$avatar = $_POST['avatar'];
	}
	
	//setup a code to be used to verify the email account
	$verifyCode = md5(substr(time(),-5, 5).$email);
	
	//if all looks good then let's add them to the dbase
	$query = "INSERT INTO ".TABLE_PREFIX."_users (
	username, 
	password, 
	title, 
	email, 
	location, 
	signature,
	avatarURL,
	homepage, 
	joined, 
	lastOnline, 
	lastLogin,
	verifyCode
	) VALUES (
	'".$username."', 
	'".md5($_POST['password'])."', 
	'".mysql_real_escape_string($_POST['defaultUserTitle'])."', 
	'".$email."', 
	'".mysql_real_escape_string($_POST['location'])."',
	'".mysql_real_escape_string($_POST['signature'])."',
	'".mysql_real_escape_string($avatar)."',
	'".mysql_real_escape_string($_POST['website'])."',
	".time().",
	".time().",
	".time().",
	'".$verifyCode."')";
	
	$result = mysql_query($query);
	
	if(!$result){
		echo "output=mysqlError&mysqlError=".mysql_error();
		mysql_close($link);
		return;
	}
	
	//if everything went alright then add them to the guest user level, once they verify it'll convert to member
	$userID = mysql_insert_id();
	$groupID = mysql_real_escape_string($_POST['guestGroupID']);
	$result = mysql_query("INSERT INTO ".TABLE_PREFIX."_groupmembers (userID, groupID, isAllowedToPost) VALUES ($userID, $groupID, 0)");
	
	if(!$result){
		echo "output=mysqlError&mysqlError=".mysql_error();
		mysql_close($link);
		return;
	}
	
	//update the social networking stuff
	foreach($_POST as $name => $value) {
		$chunks = explode($_POST['divider'], $name);
		if(count($chunks) > 1 && $value != ""){
			//build the query
			$query = "REPLACE INTO ".TABLE_PREFIX."_users_networks (userID, networkID, value) VALUES (".$userID.", ".$chunks[0].", '".mysql_real_escape_string($value)."')";
			$result = mysql_query($query);
			if(!$result){
				echo "output=mysqlError&mysqlError=".mysql_error();
				mysql_close($link);
				return;
			}
		}
	}	
	
	$output = "output=okay";
	
	// verification e-mail
	$welcomeMessage = $_POST['welcomeMessage'];
	$installDir = $_POST['installDirectory'];
	$boardName = $_POST['boardName'];
	$boardEmail = $_POST['boardEmail'];
	$activation = $_POST['activation'];
	
	//setup message
	$mailMessage =  $username.",\n\n".$welcomeMessage."\n\n".$installDir."#/?verifyuser=".$username."&key=".$verifyCode."\n\n";
	$mailMessage .=	$boardName."\n".$installDir;
	
	//ship it
	sendMail($email,$boardName." ".$activation, $mailMessage, $boardName, $boardEmail);
}

function verify(){
	global $output, $link;
	
	$username = mysql_real_escape_string($_POST['username']);
	$key = mysql_real_escape_string($_POST['key']);
	$guestGroupID = mysql_real_escape_string($_POST['guestGroupID']);
	
	//make sure we have a match
	$result = mysql_query("SELECT userID FROM ".TABLE_PREFIX."_users WHERE username = '".$username."' AND verifyCode = '".$key."'");
	
	if(!$result){
		echo "output=mysqlError&mysqlError=".mysql_error();
		mysql_close($link);
		return;
	}
	
	//make sure we have a match
	if(mysql_num_rows($result) == 0){
		echo "output=matchError";
		mysql_close($link);
		return;
	}
		
	//let's see if the user has already verified, but is trying to do it again
	$data = mysql_fetch_object($result);
	$userID = $data->userID;
	
	$result = mysql_query("SELECT userID FROM ".TABLE_PREFIX."_groupmembers WHERE userID = ".$userID." AND groupID = 2");
	
	if(mysql_num_rows($result) > 0){
		echo "output=alreadyVerified";
		mysql_close($link);
		return;
	}
	
	//if we made it down here, then give them posting rights
	$result = mysql_query("UPDATE ".TABLE_PREFIX."_groupmembers SET isAllowedToPost = 1 WHERE userID = ".$userID." AND groupID = ".$guestGroupID);
	
	if(!$result){
		echo "output=mysqlError&mysqlError=".mysql_error();
		mysql_close($link);
		return;
	}
	
	//hooray!
	echo "output=success";
}
?>